Information Security Policy
1. Purpose
The purpose of this document is to demonstrate the company’s commitment to information security, continual improvement and satisfying applicable information security requirements of its interested parties such as clients, partners and suppliers.
2. Policy
It is the Company’s policy to develop, implement and maintain an Information Security Management System that:
- Provides assurance within the company and to our clients and partners that the availability, integrity and confidentiality of their information will be maintained appropriately.
- Manages information security risks to all company and customer assets.
- Protects the company’s ongoing ability to meet contracted commitments through appropriate Business Continuity.
- Bases information security decisions and investments on risk assessment of relevant assets, considering Integrity, Availability and Confidentiality.
- Takes into account business and legal or regulatory requirements and contractual security obligations.
- Maintains awareness of all employees so they can identify and fulfil contractual, legislative and company-specific security management responsibilities.
- Minimises the business impact of, and deals effectively with, security incidents.
- Meets the requirements of any other interested parties not already specified.
This Policy is supported by a number of information security objectives, performance against which is monitored and discussed at management meetings as part of the continuous improvement program.
3. Policy Adherence
All information security policies and procedures can be found on the information security space in Confluence. It is the responsibility of employees and contractors to read these and report any non-compliances in accordance with the Information Security Incident Reporting Process.
Failure to comply with company security policies and procedures will result in disciplinary action where necessary.
4. Key Supporting Documents
- Acceptable Use Policy
- Access Control Policy
- Asset Management Procedure
- Backup & Restore Procedure
- Backup & Restore Procedure (Customer facing)
- Bring Your Own Device Policy
- Capacity Management Process
- Change Management Policy
- Clear Desk & Screen Policy
- Computer and System Logging Policy
- Cryptography Policy
- Data Protection Policy
- Data Retention Policy
- Disposal Policy
- Document Control Procedure
- Encryption procedures
- Incident Handling Policy
- Information Classification, Handling & Exchange Policy
- Information Security Policy
- Information Security – Project Delivery Guidelines and Measures
- Internet & Email usage policy
- ISMS Communications Plan
- ISMS Internal Audit Procedure
- ISO Training & Refreshers 2021
- IT General Policies & Procedures
- Mobile Device & removable media Policy
- Non conformity, corrective action, & continuous service improvement process
- Patching Policy
- Physical and Environmental Security Policy
- Remote Access/working IT Policy
- Secure Development Policy
- Statement of Applicability
- Supplier Security Policy
- Technical Vulnerability Management Policy